public ActionResult SignCodeh(string id, SignatureStartModel model)
{
// Recover XML envelope with signed COD element from "storage" based on its ID
byte[] content;
string extension;
if (!Storage.TryGetFile(id, out content, out extension))
{
return(HttpNotFound());
}
byte[] toSignHash, transferData;
SignatureAlgorithm signatureAlg;
try {
// Instantiate a CadesSigner class
var signer = new XmlElementSigner();
// Set the XML to sign
signer.SetXml(content);
// Set the ID of the CODEH element
signer.SetToSignElementId("CODEH");
// Decode the user's certificate and set as the signer certificate
signer.SetSigningCertificate(PKCertificate.Decode(model.CertContent));
// Set the signature policy
signer.SetPolicy(getSignaturePolicy());
// Generate the "to-sign-hash". This method also yields the signature algorithm that must
// be used on the client-side, based on the signature policy.
toSignHash = signer.GenerateToSignHash(out signatureAlg, out transferData);
} catch (ValidationException ex) {
// Some of the operations above may throw a ValidationException, for instance if the certificate
// encoding cannot be read or if the certificate is expired.
ModelState.AddModelError("", ex.ValidationResults.ToString());
return(View());
}
// On the next step (SignCodehComplete action), we'll need once again some information:
// - The thumpprint of the selected certificate
// - The "to-sign-hash"
// - The OID of the digest algorithm to be used during the signature operation
// - The "transfer data"
TempData["SignatureCompleteModel"] = new SignatureCompleteModel()
{
CertThumb = model.CertThumb,
ToSignHash = toSignHash,
DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid,
TransferData = transferData
};
return(RedirectToAction("SignCodehComplete", new { id }));
}
public ActionResult Index(SignatureStartModel model)
{
byte[] toSignHash, transferData;
SignatureAlgorithm signatureAlg;
try {
// Instantiate a XmlElementSigner class
var signer = new XmlElementSigner();
// Set the data to sign, which in the case of this example is a fixed sample document
signer.SetXml(Storage.GetSampleNFeContent());
// static Id from node <infNFe> from SampleNFe.xml document
signer.SetToSignElementId("NFe35141214314050000662550010001084271182362300");
// Decode the user's certificate and set as the signer certificate
signer.SetSigningCertificate(PKCertificate.Decode(model.CertContent));
// Set the signature policy
signer.SetPolicy(getSignaturePolicy());
// Generate the "to-sign-hash". This method also yields the signature algorithm that must
// be used on the client-side, based on the signature policy.
toSignHash = signer.GenerateToSignHash(out signatureAlg, out transferData);
} catch (ValidationException ex) {
// Some of the operations above may throw a ValidationException, for instance if the certificate
// encoding cannot be read or if the certificate is expired.
ModelState.AddModelError("", ex.ValidationResults.ToString());
return(View());
}
// On the next step (Complete action), we'll need once again some information:
// - The content of the selected certificate only used to render the user's certificate information
// after the signature is completed. It is no longer needed for the signature process.
// - The thumpprint of the selected certificate.
// - The "transfer data" used to validate the signature in complete action.
// - The "to-sign-hash" to be signed. (see signature-complete-form.js)
// - The OID of the digest algorithm to be used during the signature operation.
// We'll store this value on TempData, that will store in dictionary shared between actions.
TempData["SignatureCompleteModel"] = new SignatureCompleteModel()
{
CertContent = model.CertContent,
CertThumb = model.CertThumb,
TransferData = transferData,
ToSignHash = toSignHash,
DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
};
return(RedirectToAction("Complete"));
}
public IHttpActionResult Start(SignatureStartRequest request)
{
byte[] toSignHash, transferData;
SignatureAlgorithm signatureAlg;
try {
// Decode the user's certificate
var cert = PKCertificate.Decode(request.Certificate);
// Instantiate a XmlElementSigner class
var signer = new XmlElementSigner();
// Set the data to sign, which in the case of this example is a fixed sample document
signer.SetXml(Storage.GetSampleNFeContent());
// static Id from node <infNFe> from SampleNFe.xml document
signer.SetToSignElementId("NFe35141214314050000662550010001084271182362300");
// Set the signer certificate decoded
signer.SetSigningCertificate(cert);
// Set the signature policy
signer.SetPolicy(getSignaturePolicy());
// Generate the "to-sign-hash". This method also yields the signature algorithm that must
// be used on the client-side, based on the signature policy. As well as the "transfer data",
// a byte-array that will be needed on the next step.
toSignHash = signer.GenerateToSignHash(out signatureAlg, out transferData);
} catch (ValidationException ex) {
// Some of the operations above may throw a ValidationException, for instance if the certificate
// encoding cannot be read or if the certificate is expired.
return(new ResponseMessageResult(Request.CreateResponse(HttpStatusCode.BadRequest, new ValidationErrorModel(ex.ValidationResults))));
}
// Create response with some informations that we'll use on Complete action and on client-side.
var response = new SignatureStartResponse()
{
// The "transfer data" for Xml signatyures are not so big. Therefore, we can easily send it as one of
// response fields.
TransferData = transferData,
// Send to the javascript the "to sign hash" of the document and the digest algorithm that must
// be used on the signature algorithm computation
ToSignHash = toSignHash,
DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid
};
return(Ok(response));
}
public ActionResult Index(SignatureStartModel model)
{
byte[] toSignHash, transferData;
SignatureAlgorithm signatureAlg;
try {
// Instantiate a CadesSigner class
var signer = new XmlElementSigner();
// Set the data to sign, which in the case of this example is a fixed sample "COD envelope"
signer.SetXml(StorageMock.GetSampleCodEnvelopeContent());
// Set the ID of the COD element
signer.SetToSignElementId("COD");
// Decode the user's certificate and set as the signer certificate
signer.SetSigningCertificate(PKCertificate.Decode(model.CertContent));
// Set the signature policy
signer.SetPolicy(getSignaturePolicy());
// Generate the "to-sign-hash". This method also yields the signature algorithm that must
// be used on the client-side, based on the signature policy.
toSignHash = signer.GenerateToSignHash(out signatureAlg, out transferData);
} catch (ValidationException ex) {
// Some of the operations above may throw a ValidationException, for instance if the certificate
// encoding cannot be read or if the certificate is expired.
ModelState.AddModelError("", ex.ValidationResults.ToString());
return(View());
}
// On the next step (SignCodComplete action), we'll need once again some information:
// - The thumpprint of the selected certificate
// - The "to-sign-hash"
// - The OID of the digest algorithm to be used during the signature operation
// - The "transfer data" used to validate the signature in complete action.Its content is stored in
// a temporary file (with extension .bin) to be shared with the Complete action.
TempData["SignatureCompleteModel"] = new SignatureCompleteModel()
{
CertThumb = model.CertThumb,
ToSignHash = toSignHash,
DigestAlgorithmOid = signatureAlg.DigestAlgorithm.Oid,
TransferDataFileId = StorageMock.Store(transferData, ".bin"),
};
return(RedirectToAction("Complete"));
}
protected void SubmitCertificateButton_Click(object sender, EventArgs e)
{
byte[] toSignHash, transferData;
SignatureAlgorithm signatureAlg;
try {
// Decode the user's certificate.
var cert = PKCertificate.Decode(Convert.FromBase64String(CertificateField.Value));
// Instantiate a XmlElementSigner class.
var signer = new XmlElementSigner();
// Set the data to sign, which in the case of this example is a fixed sample document.
signer.SetXml(Storage.GetSampleNFeContent());
// static Id from node <infNFe> from SampleNFe.xml document.
signer.SetToSignElementId("NFe35141214314050000662550010001084271182362300");
// Set as the signer certificate.
signer.SetSigningCertificate(cert);
// Set the signature policy.
signer.SetPolicy(getSignaturePolicy());
// Generate the "to-sign-hash". This method also yields the signature algorithm that must
// be used on the client-side, based on the signature policy. as well as the "transfer data",
// a byte-array that will be needed on the next step.
toSignHash = signer.GenerateToSignHash(out signatureAlg, out transferData);
}
catch (ValidationException ex) {
// Some of the operations above may throw a ValidationException, for instance if the certificate
// encoding cannot be read or if the certificate is expired.
ex.ValidationResults.Errors.ForEach(ve => ModelState.AddModelError("", ve.ToString()));
return;
}
// The "transfer data" for Xml signatures are not so big. Therefore, we can easily store it in a
// hidden field.
TransferDataField.Value = Convert.ToBase64String(transferData);
// Send to the javascript the "to sign hash" of the document and the digest algorithm that must
// be used on the signature algorithm computation.
ToSignHashField.Value = Convert.ToBase64String(toSignHash);
DigestAlgorithmField.Value = signatureAlg.DigestAlgorithm.Oid;
}
